QuoScient’s Weekly Intelligence Bulletin for the week of 07 March – 14 March 2019 is now available for download in the Media Center!
Find a summary below.
CYBER
Reported Incidents Industry Impacted: Information Technology
On 6 March, Citrix announced that international cyber criminals reportedly breached their internal
network who ultimately downloaded business documents. The incident, which Citrix learned of via the FBI, reportedly was the result of a password spraying attack.
Vulnerabilities Industry Impacted: ANY
Microsoft’s Patch Tuesday release includes fixes for 64 vulnerabilities across multiple products,
and includes patches for two zero-day vulnerabilities actively exploited in the wild.
Threat Actor Activity Industry Impacted: Financials
In the last seven days, QuoINT observed continued activity from the e-crime threat actor EmpireMonkey.
The latest spear phishing campaign uses new attack infrastructure, and again impersonates the Financial Supervisory Authority of Denmark to target different financial institutions primarily operating in the E.U. Earlier this week, QuoINT also disseminated a warning email about this campaign.
In recent weeks, QuoINT has observed new variants of the TerraLoader malware being digitally signed with valid certificates issued to fake companies registered in the U.K. Due to the use of valid digital signatures, most of the AV vendors were unable to detect the new variants.
GEOPOLITICS
The European Parliament adopted the E.U. Cybersecurity Act to establish a E.U.-wide framework
for cybersecurity certifications for products, processes, and services.